What entities are responsible for cloud security controls regarding FedRAMP?

Arlington Security Portal - Show on: Side Bar

The responsibility is shared, that is, both cloud service providers (CSPs) and agencies (customers) assume any number of important roles for ensuring the safety and security of data resident in cloud systems. It is important to note that CSPs are required to submit a Control Implementation Summary (CIS) workbook as an attachment to their System Security Plan (SSP). Specifically, per FedRAMP, “The CIS workbook identifies security controls that the CSP is responsible for implementing, security controls that the agency (customer) is responsible for implementing, security controls where there is a shared CSP/agency responsibility…”.

From Beginning to End, Complete Project Management for FedRAMP

With Arlington, we can manage your entire FedRAMP authorization process from beginning to end (i.e., from the initial FedRAMP scoping & gap assessment to post-Authorization to Operate (ATO) activities), providing essential services for getting you to the finish line in terms of your ATO. Core services and solutions offered include the following:

RFP Services
Scoping & Gap (i.e., Readiness) Assessments
Remediation Services
Managing the official Security Assessment Audit
System Security Plan (SSP) Development
Continuous Monitoring Services

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Learn More

DoD Strategy & Advisory

FedRAMP for DOD Contractors

TPRM & Supply Chain

NISP eMASS DCSA

Cybersecurity

Config. Mgmt.

NIST 800-171

Data Privacy

DoD Cloud Security

CMMC

vCO & vCISO

Awareness / Threat Training

Risk Assessments

FISMA

CP & IR

Non-DoD NIST RMF

About Arlington

Expertise

Focus

Values

DoD Briefs

Case Studies

FAQ's

What entities are responsible for cloud security controls regarding FedRAMP?

Arlington Security Portal

SERVICES

RESOURCES

ABOUT